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DETAILED ACTION 

1. This action is in response to applicant's amendment filed on 09/11/2008. Claims 1-24 
are pending in the present application. This Action is made FINAL. 

Claim Rejections - 35 USC § 112 

2. Applicant's amendments overcome the rejection of claims 1-8 under 35 USC 112. 
Therefore, the rejection of claims 1-8 under 35 USC 1 12 is withdrawn. 

Claim Rejections - 35 USC §101 

3. Applicant's amendments overcome the rejection of claims 16-17 and 20-21 under 35 
USC 101. Therefore, the rejection of claims 16-17 and 20-21 under 35 USC 101 is withdrawn. 



Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior ail arc 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



5. Claims 1-4, 6-12 and 14-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 



over Haverinen et el (US 2005/0195780 Al) in view of Westberg et al (US 2004/0267874 Al). 
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Referring to claim 1, Haverinen discloses a method of arranging transmission of packet 
data in a system (abstract and figure 1) comprising a mobile terminal (figure 1-2, "mobile 
node"), a wireless local network and a mobile network (abstract and figure 1-2 and par. 21, 
"WLAN"), the method comprising: 

signaling, end-to-end service related parameters for communication between the mobile 
terminal and the wireless network (par. 21, lines 21-24 and fig. 2), 

communicating a resource authorization identifier to the mobile terminal (par. 5, 11, 
"VPN", "IP address", "secure network"), 

transmitting the resource authorization identifier to the mobile network via the wireless 
local network (fig. 2, par. 5, 25, "mobile node MN is communicating with the CH by directly 
accessing the secure network SN or via some third network (e.g. WLAN OR PLMNW)"), 

receiving a request for authorization from the mobile network on the basis of the resource 
authorization identifier (par. 5, 8, 27, "obtain an address from the secure private network", 
"Mobile IP foreign or home agent advertisement message", note that in order to obtain a secure 
channel in VPN connection via tunneling an authorization is inherently transmitted through the 
intermediate networks, e.g., a mobile network), 

sending an authorization response to bind a communication channel between the mobile 
terminal and the mobile network (fig. 1-2) to an end-to-end data flow of the mobile terminal 
wherein the authorization response comprises identification information on the end-to-end data 
flow and tunnel identification information identifying the tunnel ( fig. 1-2 and par. 8, 35-36 and 
38, note that the mobile node is able to connect and from a channel with the WLAN and also 
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with the cellular network. Further the connection between the mobile node and the AP of 
WLAN/Cellular network is end to end, note that information such as tunnel identification would 
inherently be provided and used so that a virtual system can be identified, thus a secure channel 
would be established ). 



Haverinen does not specifically disclose binding a tunnel between the communication 
nodes as defined by applicant. 

Wcstberg discloses methods and systems of packet communication between wireless 
nodes and wired nodes where packet tunnels are formed for specific communications (figure 1 
and paragraphs 4, 6, 8, 12, 16-22, "IPSec tunnel", "WLANs", "packet-switched mobile 
networks", mobile networks such as GPRS networks by encapsulating LAN frames or datagrams 
to create a tunnel (e.g., an IP/UDP tunnel) from the remote LAN segment through the packet- 
switched mobile network and the packet-switched fixed network to the fixed LAN segment"). 

It would have been obvious to one of the ordinary skill in the art at the time of invention 
to modify Haverinen by incorporating the teachings of Westberg in the format claimed, for the 
purpose of providing an efficient communication system. 

Referring to claim 2, the combination of Haverinen/Westberg discloses the method as 
claimed in claim 1, and further disclose transmitting at least one filter or gate parameter to the 
mobile network, the at least one filter or gate parameter is associated with the tunnel, and 
filtering or gating is arranged in the mobile network to/from the tunnel based on the association 
(Westberg, paragraph 14, "firewall", "security gateway"). 
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Referring to claim 3, the combination of Haverinen/Westberg discloses the method as 
claimed in claim 1, and further discloses the same tunnel 
between the mobile network and a network element of the mobile network and utilizing the data 
transmission resources of the local network is used for signaling purposes and for user data 
transmission (Westberg, figure 1 and paragraphs 4, 6, 8, 12, 16-22). 

Referring to claim 4, the combination of Haverinen/Westberg discloses the method as 
claimed in claim 1, and further discloses a first tunnel between the mobile terminal and a first 
network element of the mobile network is established for end-to-end service parameter signaling, 
and a second tunnel between the mobile terminal and a second network clement of the mobile 
network is established for user data transmission after the reception of (resource authorization) 
identifier (Westberg, figure 1 and paragraphs 4, 6, 8, 12, 16-22). 

Referring to claim 6, the combination of Haverinen/Westberg discloses the method as 
claimed in claim 1, and further discloses the mobile network is a 3GPP network offering a 
packet-switched service comprising at least one network element supporting access, via a 
WLAN (Westberg, paragraph 31). 

Referring to claim 7, the combination of Haverinen/Westberg discloses the method as 
claimed in claim 1, and further discloses an association is arranged between the tunnel and a 
3GPP-WLAN interworking system bearer (Westberg, figure 1 and paragraphs 4, 6, 8, 12, 16-22). 

Referring to claim 8, claim 8 defines a system reciting features analogous to the features 
defined by the method of claim 1 (as rejected above). Thus, the combination of 
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Haverinen/Ke/Westberg discloses all elements of claim 8 (please see the rejection of claim 1 
above). 

Referring to claims 9-12 and 14, claims 9-12 and 14 define a network reciting features 
analogous to the features defined by the method of claims 1-4 and 6 (as rejected above) 
respectively. Thus, the combination of Haverinen/Westberg discloses all elements of claims 9- 
12 and 14 (please see the rejection of claims 1-4 and 6 above). 

Referring to claims 15-17, claims 15-17 define a terminal and computer products reciting 
features analogous to the features defined by the method of claim 1 (as rejected above). Thus, 
the combination of Haverinen/Westberg discloses all elements of claims 15-17 (please see the 
rejection of claim 1 above). 

Referring to claim 18, the combination of Haverinen/Westberg discloses a wireless 
terminal as claimed in claim 15, and further discloses the tunnel is used for signaling purposes 
and for user data transmission (Westberg, figure 1 and paragraphs 4, 6, 8, 12, 16-22, "IPSec 
tunnel", "datagrams). 

Referring to claim 19, the combination of Haverinen/Westberg discloses a wireless 
terminal as claimed in claim 15, and further discloses a first tunnel is established for end-to-end 
service parameter signaling (see rejection of claim 18 above). 

The combination does not specifically disclose a second tunnel for 
user data transmission after the reception of the resource authorization identifier. 

It would have been an obvious design choice to modify the combination of 
Haverinen/Westberg by establishing a second tunnel for user data transmission after the 
reception of the resource authorization identifier, since the applicant has not disclosed that 
having such additional tunnel solves any stated problems or is for any particular purpose and it 
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appears that the establishing of the first tunnel would perform equally well any transmission of 
user data as suggested by Westberg. 

Claims 20-21 recite features analogous to the features of claims 18-19. Thus, the 
combination of Haverinen/Westberg discloses all elements of claims 20-21 (please see the 
rejection of claims 18-19 above). 

Claim 22 recites features analogous to the features of claim 1 . Thus, the combination of 
Haverinen/Westberg discloses all elements of claims 22 (please see the rejection of claim 1 
above). 

Claim 23 recites features analogous to the features of claim 21 . Thus, the combination of 
Haverinen/Westberg discloses all elements of claims 23 (please see the rejection of claim 21 
above). 

Referring to claim 24, the combination of Haverinen/Westberg discloses a wireless 
system as claimed in claim 22, and further discloses wherein the signaling element is configured 
to transmit at least one filter or gate parameter to the wireless network, wherein the at least one 
filter or gate parameter is associated with the tunnel (figure 1 and paragraphs 4, 6, 8, 12, 16-22, 
"IPSec tunnel", note that an IPSec tunnel inherently uses a filter or gate to filter out packets that 
don't meet an access requirement). 

6. Claims 5 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Haverinen et el (US 2005/0195780 Al) in view of Westberg et al (US 2004/0267874 Al) and 
further in view of Oba et al (US 2005/0163078). 
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Referring to claims 5 and 13, the combination of Haverinen/Westberg discloses the 
method and network of claims 1 and 9. 

The combination does not specifically disclose the tunnel between the mobile terminal 
and the mobile network is an IPSec tunnel, whereby the tunnel is established by utilizing an IKE 
(Internet Key Exchange) protocol. 

In the field of endeavor, Oba discloses the tunnel between the mobile terminal and the 
mobile network is an IPSec tunnel, whereby the tunnel is established by utilizing an IKE 
(Internet Key Exchange) protocol ("IPsec tunnel for the new subnet is established by running 
IKE or IKEv2 over the latter IPsec tunnel"). 

It would have been obvious to one of the ordinary skill in the art at the time of invention 
to modify the combination by incorporating the teachings of Oba as claimed, for the purpose of 
providing a Multicast/Broadcast Traffic system and taking advantage of an additional 
Firewalls/Intrusion Detection system, and thus providing a securer network. 

Response to Arguments 

7. Applicant's arguments with respect to claims 1-24 have been considered but are they are 
not persuasive. 

In response to arguments that Haverinen does not disclose "transmitting the resource 
authorization identifier to the mobile network via the wireless local network," the examiner 
respectfully disagrees. Haverinen discloses that a mobile terminal establishes a secure 
communication channel with a network via a third network. In order to establish a secure 
network an authentication has to be performed as required in a VPN network (see par. 11). 
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"Resource authorization identifier" is the authentication code that has to be transmitted in 
establishing the secure connection. 

In response to arguments with respect to "authorization response," the examiner asserts 
that in Haverinen's system of providing a VPN connection an authorization response has to be 
sent to satisfy the authentication procedure and therefore establish a secure channel. In response 
to arguments with respect to "separate signaling element," the arguments are moot since the 
applicant amended the claim by deleting the limitation "separate signaling element." However, 
for the sake of clarifying examiner's previous action, the term "separate signaling element" is 
interpreted as the signal that transmits authentication information. 

In response to arguments that Haverinen fails to teach or 
suggest "sending an authorization response to bind a tunnel between the mobile terminal and the 
mobile network to an end-to-end data flow of the mobile terminal," the examiner respectfully 
disagrees. In VPN system of Haverinen an authentication inherently is performed so that only 
authorized terminals can establish a connection through a secure tunnel (channel). Thus, when 
the terminal initiates the connection, the terminal sends an authorization request. And only in 
response to an authorization response the connection is made (to bind a tunnel) between the 
terminal and the mobile network. The end-to end flow is interpreted as flow of data from mobile 
terminal to the network. 

In response to arguments that there is no teaching or suggestion in Westberg 
that a tunnel is bound after a signaling element provides an authorization response having end-to- 
end data flow and tunnel identification information identifying the tunnel, the examiner 
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respectfully disagrees. Similar to Haverinen, Westberg also disclose secure VPN connections 
over a secure IPSec tunnel. Thus, authorization request and authorization response is inherent in 
Westberg. 

In response to arguments with respect to claim 15, that Westberg 
et al. does not teach or suggest use of a separate signaling element" (separate from the wireless 
terminal and mobile network) during the negotiation of end-to-end service related parameters, 
and ... transmit the resource authorization identifier to the mobile network by using the tunnel." 
the examiner asserts that the features upon which the applicant relies (e.g., separate from the 
wireless terminal and mobile network) are not cited in the rejected claims. Although the claims 
are interpreted in light of the specification, limitations from the specification are not read into the 
claims. See in re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Further, the 
term "separate signaling element" is interpreted as the signal that transmits authentication 
information. The specification or the claim does not describe signaling element in clear form. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Ke et al (2003/0041266 Al) discloses that in order to have a secure channel, information 
such as tunnel identification would be provided and used so that a virtual system can be 
identified, thus a secure channel would be established (par. 52). 
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9. THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of 
the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fred A. Casca whose telephone number is (571) 272-7918. The 
examiner can normally be reached on Monday through Friday from 9 to 5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Paul Harper, can be reached at (571) 272-7605. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
/VINCENT P. HARPER/ 
Supervisory Patent Examiner, Art Unit 2617 



